privacy_policy

Introduction

1. Who processes your personal data?

2. What personal data is collected?

3. What are the purposes pursued?

4. On the basis of which legal bases is your data processed?

5. To whom is your data transferred?

6. How is your data stored and protected?

7. How long is your data kept?

8. What are your rights?

10. Applicable law and jurisdiction

This Privacy Policy aims to inform you in a clear and transparent manner about how we collect, use, process and protect your personal data when you use our Website.

By using the KRUMBS Website, Users declare that they have read this Privacy Policy and expressly accept the collection and processing of their personal data as described in this document.

We reserve the right to modify this Privacy Policy at any time to adapt to legislative or regulatory changes, or to better meet our data protection obligations. We encourage Users to review this policy regularly to stay informed about our current data privacy practices.

The company Deslypere Louise (trade name "KRUMBS"), located in Brussels , registered with the CBE under number BE 1021.215.208.

In the course of its activities, KRUMBS collects and processes several categories of personal data, depending on how you use the www.krumbs.be website. The data collected is limited to what is strictly necessary for the provision of the services and is distributed as follows:

• Identification data : name, surname, email address, password – collected when creating a customer account.

• Contact details : postal address, telephone number, e-mail address – necessary for processing orders, issuing receipts or invoices and communicating with users.

• Billing and payment data : billing address, data related to the payment method used (via a secure external service provider – KRUMBS does not have access to your full credit card data).

• Order data : order history, guides downloaded, language preferences, topics viewed, etc.

• Technical data : IP address, type of browser, type of terminal used, operating system, browsing data, pages viewed, date and time of consultation – collected automatically via cookies for the proper functioning of the site and for statistical purposes.

• Data from interactions with support : content of messages sent via the contact form or by email, as well as any additional information provided in the context of support.

KRUMBS ensures that it only collects the data that is strictly necessary for the purpose pursued and does not process so-called sensitive data within the meaning of the GDPR.

The personal data collected by KRUMBS is processed for the following purposes:

• Management of orders and supply of digital products : processing of orders placed via the site, delivery of digital guides, management of downloads, sending of confirmations and communications related to the execution of the contract.

• User account creation, management, and security : Allowing users to create a personal account, access it securely, view their purchase history, and manage their preferences.

• Invoicing and accounting : issuing invoices, processing payments via a secure platform, meeting accounting obligations.

• Customer support and after-sales service : respond to questions or requests sent via the contact form or by email, ensure adequate follow-up and improve the quality of service.

• Communication of information and news : punctual sending of communications relating to KRUMBS' products, services or news, if the user has consented to this. The user may withdraw his or her consent at any time.

• Improvement of the site and statistical analysis : collection of technical browsing data in order to ensure the proper functioning of the site, measure traffic, improve ergonomics and adapt the content offered according to the general preferences of users.

Each processing operation shall be carried out in a proportionate manner, in accordance with the principle of data minimisation and in accordance with the applicable provisions on the protection of personal data.

KRUMBS processes users' personal data on the basis of the legal bases provided for in the General Data Protection Regulation (GDPR), depending on the purposes pursued:

• Consent (Article 6(1)(a) GDPR): When required, in particular for the sending of newsletters or commercial information not related to an order, KRUMBS relies on the explicit consent of the user. The latter may withdraw his consent at any time, without justification.

• Legal obligations (Article 6, §1, c of the GDPR): KRUMBS may be required to process and store certain data in order to comply with its legal obligations, in particular in accounting or tax matters.

Each processing is governed by a clearly identified legal basis, and no data is processed without appropriate justification in accordance with the GDPR.

In the course of its activities, KRUMBS may share certain personal data with third parties, only to the extent necessary to achieve the purposes described above, and in compliance with the GDPR:

• Payment providers : Online payments are processed through a secure payment platform (e.g. Stripe or an equivalent provider). These providers act as independent controllers for payment data. KRUMBS never has access to users' complete banking data.

• Accounting and legal service providers : In compliance with its legal obligations, KRUMBS may transmit certain data to its accountant or external advisors, only within the scope of their assignments.

• Competent authorities : In the event of a legal obligation or a formal request from an administrative, judicial or tax authority, KRUMBS may be required to communicate certain personal data, within the limits permitted by law.

Apart from these cases, your data is never sold, rented or passed on to third parties for commercial purposes.

KRUMBS pays particular attention to the security of your personal data and implements appropriate technical and organisational measures to ensure its confidentiality, integrity and availability.

The data collected via the www.krumbs.be website is stored on secure servers located in the European Economic Area (EEA). These servers are hosted by providers who are subject to strict contractual obligations in terms of security and compliance with the GDPR.

In order to protect your data against unauthorised access, loss, alteration or disclosure, KRUMBS applies the following measures in particular:

• Data transmission via secure connections (HTTPS protocol)

• Access management limited to only those who need access to the data to accomplish their mission.

• Encrypted passwords and secure account management

• Protection of the site against fraudulent access or hacking attempts

• Regular system updates and security patches

• Regular backups to prevent data loss in the event of a disaster

KRUMBS only keeps your personal data for as long as necessary to achieve the purposes for which it was collected, and in compliance with applicable legal obligations.

The retention periods vary depending on the nature of the data and the purpose of the processing:

• Data related to orders (contact details, invoicing, purchase history): kept for a period of 10 years from the date of the order, in order to comply with accounting and tax obligations.

• User account data : kept for as long as the account remains active. In the event of prolonged inactivity or deletion of the account at the request of the user, the data will be deleted or anonymized within a reasonable period of time (maximum 6 months), unless otherwise required by law.

• Contact data for marketing communications : kept until the withdrawal of consent or the user's request to object. In the absence of prolonged interaction, this data may be deleted after 3 years.

• Technical and browsing data (cookies, connection logs): kept for the duration of the cookie in question.

• Data from customer support exchanges : kept for the time necessary to process the request, then archived for the purpose of proof or service improvement for a maximum of 2 years.

At the end of the retention periods, KRUMBS undertakes to delete or anonymise the data in a secure manner, ensuring that no information is retained beyond what is strictly necessary.

· Rights of access, rectification and deletion :

KRUMBS Users have the right to access, modify or delete their personal data. For this, they can contact KRUMBS by email at info@krumbs.be, providing proof of identity.

· Right to information :

Following a request, KRUMBS will provide information on the purposes of the data processing, the categories of data concerned, the recipients of the data, the duration of data storage, the rights relating to data processing, and the right to lodge a complaint with a supervisory authority.

· Right to object and restriction :

Users may object to the use of their personal data or request a restriction of their processing. They can exercise these rights by contacting KRUMBS by e-mail, with proof of identity.

· Right to data portability :

Users have the right to receive their personal data in a transferable format and to transmit it to another controller, if technically possible.

· Right to lodge a complaint :

In the event of non-compliance with the GDPR, Customers or Users have the right to lodge a complaint with the Belgian Data Protection Authority

(https://www.autoriteprotectiondonnees.be/).

KRUMBS uses cookies to record browsing information on our Website. Users can manage cookie settings through their browser. For more information, please read our Cookie Policy.

This privacy policy is subject to Belgian law and any dispute will be settled by the courts of the judicial district of the registered office of KRUMBS. For online consumer disputes, there is a European dispute resolution platform (https://ec.europa.eu/consumers/odr)